Fronting Tomcat with Apache Httpd Mladen Turk Red Hat, Inc.


1 Fronting Tomcat with Apache Httpd Mladen Turk Red Hat, Inc.

2 Agenda
- Introduction
- Using mod_jk
- Using mod_proxy

3 Typical architecture
- Enterprise information systems
- Heterogeneous environment
- Multiple data sources (static/dynamic)

4 Typical architecture
- Apache Httpd in front
- Requests for dynamic information or interaction with back-end data sources go through the web server to the app server
- mod_jk or mod_proxy
[Diagram labels: Apache HTTPD, Apache Tomcat, JBoss AS, Geronimo]

5 Enterprise IS problems
- Applications are time consuming
  - Process client data, access the database, do some calculations and present the data back to the client
  - Within ½ of a second to achieve user perception of a working application
- High concurrency
  - The entire family of your manager will participate in testing
  - Add more CPU power
  - Buy faster hardware
  - Add more boxes
- Security
  - Share applications with Intranet
  - Use Intranet data

6 Simple configuration
- Separate content
- Web server delivers static content
- Application server delivers dynamic content

7 Secure generic configuration
- Secure your data
- Put the web server in DMZ
- Handle security with Web server

8 High availability configuration
- Add more application servers
  - Failover in case of failure
- Add more boxes
  - Handle more clients

9 Apache HTTPD Architecture
- Threaded
- Windows, Netware
- MaxClients
[Diagram labels: Parent process, Listener Socket, Child process, T1, T2, Tn]

10 Apache HTTPD Architecture
- Prefork
- Unixes
- StartServers
- MaxClients
[Diagram labels: Parent process, Listener Socket, Child process, Child process, Child process]

11 Apache HTTPD Architecture
- Semi-threaded (worker)
- Unixes (Apache 2 and up)
- ThreadsPerChild
- MaxClients
[Diagram labels: Parent process, Listener Socket, Child process (T1, T2, Tn), Child process (T1, T2, Tn)]

12 Tomcat Architecture
[Diagram labels: maxThreads, AJP Connector, HTTP Connector, SSL, Server, Service, Engine, Host, Context, Context, 1, 2, 3, 4]

13 Tomcat architecture
- Thread context switch latency
  - Limits the number of concurrent connections
  - Limit 250 per CPU (empirical)
  - Depends on the OS and JVM
  - Very bad on Windows (kernel limit on 64 event objects)
[Diagram labels: T1, T2, Processing, Latency]

14 Getting the most out of integration
- Do you need that?
  - Additional configuration
  - Additional maintenance
  - Need to build the connector on your own
  - Additional point of failure
- Define your needs
  - Application response time
  - Number of concurrent users
  - Network throughput

15 Getting the most out of integration
- Define your topology
  - Application servers
  - Web servers
  - Static content delivery
  - Clustering
  - Sessions
  - Caching
  - Failover
  - Load balancing

16 Getting the most out of Integration
- Separate content
  - Do not mix application and native web server content
- Separate applications
  - Do not mount /*
  - Do not mount /*.jsp
- Use native SSL
  - Much faster than JSSE
  - Can use hardware accelerators
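
Why the two "do not mount" rules matter, as an added example that is not part of the original slides: a simplified model of JkMount wildcard matching (only `*` is treated as special) shows which requests leave httpd under catch-all mounts and which under per-application mounts. The worker name `tomcat` and every path are hypothetical.

```python
import re

# Constructed mount tables, not from the slides; the worker name "tomcat"
# and every application path below are hypothetical.
CATCH_ALL = ["JkMount /* tomcat", "JkMount /*.jsp tomcat"]
PER_APP = ["JkMount /shop tomcat", "JkMount /shop/* tomcat"]

def parse_mounts(lines):
    """Return (url_pattern, worker) pairs from two-argument JkMount lines."""
    mounts = []
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and parts[0].lower() == "jkmount":
            mounts.append((parts[1], parts[2]))
    return mounts

def forwarded_to(path, mounts):
    """Simplified model of JkMount matching: '*' matches any run of
    characters, everything else is literal. Returns the worker that
    receives `path`, or None when httpd keeps the request."""
    for pattern, worker in mounts:
        regex = re.escape(pattern).replace(r"\*", ".*")
        if re.fullmatch(regex, path):
            return worker
    return None

def broad_mounts(mounts):
    """Patterns that are not tied to one application prefix."""
    return [p for p, _ in mounts if p == "/" or p.startswith("/*")]

def exposure(paths, mounts):
    """Subset of `paths` that would be handed to Tomcat."""
    return [p for p in paths if forwarded_to(p, mounts)]

# Constructed request paths: a static file, the shop application,
# and a second application deployed on the same Tomcat.
REQUESTS = ["/images/logo.png", "/shop/cart.jsp", "/internal/report.jsp"]

if __name__ == "__main__":
    for name, table in (("catch-all", CATCH_ALL), ("per-app", PER_APP)):
        mounts = parse_mounts(table)
        print(name, "broad:", broad_mounts(mounts),
              "forwarded:", exposure(REQUESTS, mounts))
```

With the `/*.jsp` mount alone, the second application's JSP is still forwarded even though only the shop was meant to be published.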

17 Getting the most out of Integration
- Do you need SSL between web and application server?
  - Paranoid IT department
- Understand the problem
  - Encryption is done twice
[Diagram labels: Tomcat, Apache HTTPD, mod_ssl, NIC 1, NIC 2, NIC 1, Firewall/443, Firewall/8009]

18 Fronting with mod_jk
- Apache Tomcat project
- Use current stable (1.2.22)
- Supported Apache Httpd servers
  - Apache 1.33+
  - Apache
  - Apache 2.2/2.3 (*)

19 mod_jk architecture
- Uses AJP 1.3 protocol
  - Binary custom protocol
  - Constant connection pool
  - No need to parse HTTP headers twice
  - All preprocessing is done in Apache httpd
- Integrated load balancer
  - Sticky sessions
  - Failover
  - Domain model clustering

20 mod_jk Architecture
[Diagram labels: worker.tomcat.type=ajp13, AJP Protocol, <Connector … protocol="AJP/1.3"/>, Tomcat, MaxClients, ThreadsPerChild, maxThreads]
AJP protocol is reusable. mod_jk opens a pool of connections to Tomcat.

21 mod_jk Load balancer Architecture
    worker.host1.type=ajp13
    worker.host2.type=ajp13
    worker.balancer.type=lb
    worker.balancer.balance_workers=host1,host2
[Diagram labels: AJP13, AJP/1.3, jvmRoute="host1"; AJP13, AJP/1.3, jvmRoute="host2"]

22 Using mod_jk
Understand configuration

httpd.conf
    <IfModule worker.c>
    StartServers
    MaxClients
    MinSpareThreads
    MaxSpareThreads
    ThreadsPerChild
    MaxRequestsPerChild 0
    </IfModule>

server.xml
    <Service name="Catalina">
    <!-- A AJP 1.3 Connector on port -->
    <Connector port="8009" address=" " enableLookups="false" redirectPort="8443" debug="0" maxThreads="150" minSpareThreads="25" protocol="AJP/1.3"/>
    <Engine name="standalone" defaultHost="localhost" jvmRoute="host1">

workers.properties
    worker.host1.type=ajp13
    worker.host1.port=8009
    worker.host1.host=
    worker.host1.connection_pool_size=25
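
An added sizing check, not from the presentation, that ties the three files together: with the worker MPM, httpd can run MaxClients / ThreadsPerChild child processes, each holding its own mod_jk connection pool, so the AJP connector's maxThreads has to cover the worst case across all front ends. The httpd values are constructed (the slide's numbers are missing), and the default pool size and the `front_ends` parameter are assumptions of this example.

```python
import re

# Constructed sample values; the slide's own httpd numbers are missing.
HTTPD_CONF = """\
<IfModule worker.c>
StartServers          2
MaxClients          150
MinSpareThreads      25
MaxSpareThreads      75
ThreadsPerChild      25
MaxRequestsPerChild   0
</IfModule>
"""
WORKERS_PROPERTIES = """\
worker.host1.type=ajp13
worker.host1.port=8009
worker.host1.connection_pool_size=25
"""
SERVER_XML_CONNECTOR = '<Connector port="8009" maxThreads="150" protocol="AJP/1.3"/>'

def directive(conf, name):
    """Integer value of an httpd directive such as 'MaxClients 150'."""
    return int(re.search(rf"^\s*{name}\s+(\d+)", conf, re.MULTILINE).group(1))

def worst_case_ajp_connections(httpd_conf, workers, worker, front_ends=1):
    """Upper bound on connections the httpd tier can open to one Tomcat."""
    threads_per_child = directive(httpd_conf, "ThreadsPerChild")
    # Ceiling division: number of child processes at full load.
    children = -(-directive(httpd_conf, "MaxClients") // threads_per_child)
    m = re.search(rf"^worker\.{re.escape(worker)}\.connection_pool_size=(\d+)",
                  workers, re.MULTILINE)
    # Assumption: without an explicit size the pool matches ThreadsPerChild.
    pool = int(m.group(1)) if m else threads_per_child
    # A child never uses more connections than it has threads.
    return front_ends * children * min(pool, threads_per_child)

def ajp_max_threads(connector_xml):
    """maxThreads attribute of the AJP <Connector> element."""
    return int(re.search(r'maxThreads="(\d+)"', connector_xml).group(1))

def check(front_ends):
    """Return (connections needed, threads available, fits?)."""
    need = worst_case_ajp_connections(HTTPD_CONF, WORKERS_PROPERTIES, "host1", front_ends)
    have = ajp_max_threads(SERVER_XML_CONNECTOR)
    return need, have, need <= have
```

One front end fits exactly; a second identical front end doubles the demand while Tomcat's thread limit stays the same.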

23 Clustering with mod_jk
- Without sticky sessions
  - Session replication exists between Tomcat nodes
- Sticky sessions
  - No session replication
  - Session replication between domains
- Force sticky sessions
- Domain clustering
  - Allows buddy replication
  - Split the nodes into groups
  - Use with large clusters
Notes: A Tomcat cluster only allows session replication to all nodes in the cluster. Once you work with more than 3-4 nodes there is too much overhead and risk in replicating sessions to all nodes.

24 mod_jk with Session replication
- No need for session affinity
- Requests can be served by any node
- Tomcat session replication
    worker.cluster.type=lb
    worker.node1.type=ajp13
    worker.node2.type=ajp13
[Diagram labels: mod_jk, node1, node2, Session replication]

25 mod_jk Sticky sessions
- Session affinity mark
- JSESSIONID defined as part of spec.
    <Engine name="jboss.web" defaultHost="localhost" jvmRoute="node1">
    JSESSIONID=XXX.node1
    worker.cluster.type=lb
    worker.node1.type=ajp13
    worker.node2.type=ajp13
[Diagram labels: mod_jk, node1, node2, Session replication]

26 mod_jk Domain clustering
- Large number of nodes
    <Engine name="Standalone" defaultHost="localhost" jvmRoute="domain1">
    JSESSIONID=XXX.domain1
    worker.cluster.type=lb
    worker.domain1.type=ajp13
    worker.domain2.type=ajp13
[Diagram labels: mod_jk, node1, node2, node3, node4]

27 mod_jk Hot standby
- In case of failure
- Takes the load only if all other nodes fail
    worker.cluster.type=lb
    worker.node1.type=ajp13
    worker.node2.type=ajp13
    worker.node2.disabled=True
[Diagram labels: mod_jk, node1, node2]

28 Handle high concurrency
- Use connectionTimeout in AJP/1.3 connector
  - Actually this is KeepAlive timeout
  - Closes inactive connections
  - Firewalls not passing FIN packets
  - Multiple Apache Httpd front ends
- Use connect_timeout
  - Sends a small packet to check Tomcat's availability to serve requests
  - Can be replaced with socket_timeout
- Use prepost_timeout
  - Needed with connectionTimeout set
  - Detects connections closed by Tomcat

29 mod_jk Dynamic Configuration
- Web based management
- Allows dynamic management
- VirtualHost limited

workers.properties
    worker.list=jkstatus,...
    ...
    worker.jkstatus.type=status

httpd.conf
    <Location /jkstatus/>
    JkMount jkstatus
    Order deny,allow
    Deny from all
    Allow from
    </Location>
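
Because the status worker allows dynamic management, the `<Location>` restriction is what decides who can reach it. The following added check (example code, not from the presentation) finds Location blocks that mount a status worker without `Deny from all` plus a host-specific `Allow from`; the `/jkmanager/` path, the `balancer` worker and the address 192.0.2.10 are constructed for the example.

```python
import re

# Constructed httpd.conf excerpt in the Apache 2.2 access-control syntax the
# slide uses. /jkmanager/ and the address 192.0.2.10 are made up.
HTTPD_CONF = """\
<Location /jkstatus/>
    JkMount jkstatus
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
</Location>
<Location /jkmanager/>
    JkMount jkstatus
</Location>
"""
WORKERS_PROPERTIES = """\
worker.list=jkstatus,balancer
worker.jkstatus.type=status
worker.balancer.type=lb
"""

def status_workers(props):
    """Names of workers declared with type=status."""
    return set(re.findall(r"^worker\.([\w-]+)\.type=status\s*$", props, re.MULTILINE))

def is_restricted(directives):
    """True when access is denied to all and re-allowed only for named hosts."""
    lowered = [" ".join(d.lower().split()) for d in directives]
    allowed = [d[len("allow from "):] for d in lowered if d.startswith("allow from ")]
    return "deny from all" in lowered and bool(allowed) and "all" not in allowed

def open_status_locations(conf, props):
    """Location paths that mount a status worker without a host restriction."""
    status = status_workers(props)
    findings = []
    for path, body in re.findall(r"<Location\s+(\S+)>(.*?)</Location>",
                                 conf, re.S | re.I):
        directives = [line.strip() for line in body.splitlines() if line.strip()]
        mounts_status = any(
            d.split()[0].lower() == "jkmount" and d.split()[-1] in status
            for d in directives
        )
        if mounts_status and not is_restricted(directives):
            findings.append(path)
    return findings
```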

30 Using mod_proxy
- Part of standard Apache httpd distribution
  - No need to build additional module
  - Better integration with other modules (mod_rewrite)
- Only way to have SSL communication with Tomcat
  - Using mod_ssl
  - Requires custom filter in Tomcat to get the original certificates
  - Requires additional headers for original client certificates
- Uses http protocol
  - Standard protocol
  - No connection problems

31 mod_proxy for Apache Httpd 2.2
- Rewritten mod_proxy
  - Connection pool capabilities
  - Option to separate MaxThreadsPerChild and connection pool size
- More protocols
  - AJP 1.3 protocol support
  - mod_proxy_ajp
- Integrated load balancer
  - mod_proxy_balancer
  - Protocol independent
  - Session affinity support
  - Multiple strategies

32 mod_proxy Architecture
- Shared memory runtime data
- Each child is aware of the connection status
[Diagram labels: Parent process, Listener Socket, Child process, Scoreboard, Worker #1, Worker #2, Worker #n, Worker #1 status: elected, read, transferred]
Notes: The picture shows the internal mod_proxy architecture. All runtime data is held inside httpd's scoreboard or shared memory. This makes it possible to manage the workers dynamically and to collect the runtime data from all the child processes. It fixes the common problem with the previous mod_proxy, which caused constant connection delays if the connection to the remote could not be established or was broken. With shared memory, the first connection to the remote that fails updates the worker's status flag in the shared memory. Subsequent requests on different child processes then skip the useless connection attempts on an already dead node.

33 mod_proxy Load balancing
- Virtual proxy
  - Like any other protocol but prefixed as balancer://
  - Contains 1 … n protocol workers
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    <Proxy balancer://cluster>
    BalancerMember
    </Proxy>
    ProxyPass /examples balancer://cluster/examples

34 Why Apache Httpd with Tomcat?
- Pros
  - Can serve static content faster compared to standalone Tomcat.
  - Supports PHP, CGI etc. via modules, in addition to the ability to route JSP/Servlet requests to Tomcat.
  - Can load balance requests between multiple instances of Tomcat. Also provides session stickiness.
- Cons
  - Needs additional effort to set up.
  - Dynamic content (JSP/Servlets) in a heavy traffic scenario may be a bottleneck, due to the tunnelling that happens between Apache and Tomcat.
  - Native code tightly coupled to the operating system.

35 Links
- Apache Httpd
- Tomcat
- Mod_jk
- Support
  - Apache Httpd mailing lists
  - Tomcat users mailing list
  - Google

36 Q & A

37 Fronting Tomcat with Apache Httpd was presented to you by Mladen Turk

